Classic confinement request for ubup

Well, yes, it would need to be a restricted interface by considered request or manual connection only. But not having the interface leads to requests for “classic” where “root-my-machine” is even more possible.

Consider, however, an Ubuntu Core system where the root file-system is read-only and classic is on top; on such a system a classic snap cannot work, but a properly authorized strict snap can, and this potentially allows for more uses of the same snap where using classic would be restricting it to “normal” systems.

Sure, but what’s at stake here is what “properly authorized” means. If an interface gives unconfined access to the root user in the system, that’s not very “strict”.

We did discuss a while ago the possibility of introducing an interface which would be a bridge between the classic snap world and fully confined snaps. Something like an “unsafe” interface. It would give the full access into the system, but keep the snap mounted in its usual namespace as usual otherwise.

That’s pretty close to what you refer to, except we’d label and consider access requests for what it is. It would also require the same sort of user acknowledgement on installation as classic (--classic, etc).